External people can't open files with Sensitivity Label encryption.
Question: What are the best practices for ensuring external users can open files encrypted with Sensitivity Labels? Hi all. I've been investigating proper setup of sensitivity labels in Purview, and the impact on user experience. The prerequisites are simple enough, creating and configuring the labels reasonably straightforward, and publishing them is a breeze. But using them appears to be a different matter! Everything is fine for labels that don't apply encryption (control access) or when used internally. However, the problems come when labels do apply encryption and information is sent externally. The result is that we apply a label to a document, attach that document to an email, and send it externally - and the recipient says they can't open it and they get an error that their email address is not in our directory. This is because due to the encryption, the external user needs to authenticate back to our tenant, and if they're not in our tenant they obviously can't do this so the files won't open. So, back to the question above. What's the easiest / most secure / best way to add any user we might share encrypted content with to our tenant. As I see it we have the following options: Users have to request Admins add the user as a Guest in our tenant before they send the content. Let's face it, they'll not do this and/or get frustrated. Users share encrypted content directly from SharePoint / OneDrive, rather than attaching it to emails (as that would automatically add the external person as a Guest in the tenant). This will be fine in some circumstances, but won't always be appropriate (when you want to send them a point-in-time version of a doc). With good SharePoint setup, site Owners would also have to approve the share before it gets sent which could delay things. Admins add all possible domains that encrypted content might be shared with to Entra B2B Direct Connect (so the external recipient doesn't have to be our tenant). This may not be practical as you often don't know who you'll need to share with and we work with hundreds of organisations. The bigger gotcha is that the external organisation would also have to configure Entra B2B Direct Connect. Admins default Entra B2B Direct Connect to 'Allow All'. This opens up a significant attack surface and also still requires any external organisation to configure Entra B2B Direct Connect as well. I really want to make this work, but it need to be as simple as possible for the end users sharing sensitive or confidential content. And all of the above options seem to have significant down-sides. I'm really hoping someone who uses Sensitivity Labels on a day-to-day basis can provide some help or advice to share their experiences. Thanks, Oz.From Chaos to Clarity: How Microsoft 365 Copilot Helps SMBs Make Smarter Decisions
In today’s fast-paced business landscape, small and medium-sized businesses (SMBs) face a constant challenge: do more with less and do it faster. The pressure to innovate, respond to market shifts, and keep teams aligned is real. That’s why Microsoft 365 Copilot is more than just another productivity tool—it’s a strategic partner for SMBs looking to turn operational chaos into clarity.
Dibbling Microsoft AutoUpdate - macOS
I have a customer with a Mac mini M4 with multiple user accounts. Each user has an access to Office 365 apps, Outlook, Excel and Word. The issue I am having is with Microsoft AutoUpdate. I have turned off "Automatically keep Microsoft apps up to date" on all of the users. This has not stopped update application from opening and showing on each of the users there are updates available. If one of the users tries to run the update while an application is open by another user, it cause all kinds of problems. My questions is, "Is there another way to prevent AutoUpdate from indicating there are updates available? Thanks Len Levin BSCMicrosoft 365 E5 Security is now available as an add-on to Microsoft 365 Business Premium
The threat landscape continues to evolve creating ongoing challenges for small and medium businesses (SMBs) that are faced with increased regulations and cyberinsurance requirements. Today, Microsoft 365 Business Premium delivers core security solutions to SMBs that help safeguard data, defend against cyberthreats, and manage access and devices. With the growing volume of attacks and increased sophistication of threats, there are SMBs that want enhanced cybersecurity protection for their business. We are pleased to announce that Business Premium customers are now able to purchase Microsoft 365 E5 Security as an add-on to further enhance their security. E5 Security brings new security value on top of Business Premium with Microsoft Entra ID Plan 2, Microsoft Defender for Identity, Microsoft Defender for Endpoint Plan 2, Microsoft Defender for Office 365 Plan 2, and Microsoft Defender for Cloud Apps. (ENHANCED) Identity and access controls Business Premium includes Microsoft Entra ID P1, which provides single sign-on, multi-factor authentication (MFA), and conditional access to help SMBs manage user identities and enable access to applications and resources from trusted users, devices, and locations. Microsoft Entra ID P2 offers advanced security and governance features including Microsoft Entra ID Protection and Microsoft Entra ID Governance. Microsoft Entra ID protection offers risk-based conditional access that helps block identity attacks in real time using behavioral analytics and signals from both user risk and sign-in risk. It also enables SMBs to detect, investigate, and remediate potential identity-based risks using sophisticated machine learning and anomaly detection capabilities. With detailed reports and alerts, your business is notified of suspicious user activities and sign-in attempts, including scenarios like a password-spray where attackers try to gain unauthorized access to company employee accounts by trying a small number of commonly used passwords across many different accounts. ID Governance capabilities are also included to help automate workflows and processes that give users access to resources. For example, IT admins historically manage the onboarding process manually and generate repetitive user access requests for Managers to review which is time consuming and inefficient. With ID Governance capabilities, pre-configured workflows facilitate the automation of employee onboarding, user access, and lifecycle management throughout their employment, streamlining the process and reducing onboarding time. (NEW) Extended Detection and Response (XDR) Microsoft Defender XDR delivers a unified and efficient approach to incident-level visibility across the attack lifecycle. Together XDR and exposure management (XSPM) consolidate multiple siloed security solutions to provide best-of-breed capabilities across identities, endpoints, apps, and email. (NEW) Identity threat detection and response (ITDR) Identities are one of the most common attack vectors making identity-specific threat detection and response a critical element to secure your business. Microsoft Defender for Identity includes dedicated sensors and connectors for common identity elements that offer visibility into your unique identity landscape and provide detailed posture recommendations, robust detections and response actions. These powerful detections are then automatically enriched and correlated with data from other domains across Defender XDR for true incident-level visibility. (ENHANCED) Device security Microsoft Defender for Business (MDB) already brings enterprise-grade device protection capabilities to Business Premium customers across Windows, MacOS, iOS, and Android devices. It includes vulnerability management, next-generation antivirus protection, AI-powered endpoint detection and response with automatic attack disruption, and automated investigation and remediation. With streaming APIs, customers and partners can build Managed Detection and Response (MDR) services with Defender for Business. For customers who need advanced hunting, Microsoft Defender for Endpoint P2 adds advanced hunting, and 6 months of data retention on the device, along with endpoint security for IoT devices. (ENHANCED) Email and Collaboration security Microsoft Defender for Office 365 P1 in Business Premium includes SafeLinks with time of click URL filtering, safe attachments with real-time attachment scanning in sandbox, and phishing and malware defense across email, Microsoft Teams, OneDrive and SharePoint. It also has AI-powered LLM-based threat protection with 99.995% attacker intent detection accuracy. With Defender for Office 365 P2, you gain access to cyber-attack simulation training, which provides SMBs with a safe and controlled environment to simulate real-world cyber-attacks, helping to train employees in recognizing phishing attempts. Additionally automated response capabilities and post-breach investigations help reduce the time and resources required to identify and remediate potential security breaches. Detailed reports are also available that capture information on employees’ URL clicks, internal and external email distribution, and more. (NEW) Software-as-a-service (SaaS) security Microsoft Defender for Cloud Apps is a comprehensive, AI-powered software-as-a-service (SaaS) security solution that enables IT teams to identify and manage shadow IT and ensure that only approved applications are used. It protects against sophisticated SaaS-based attacks, OAuth attacks, and risky interactions with GenAI apps by combing SaaS app discovery, security posture management, app-to-app protection, and integrated threat protection. IT teams can gain full visibility into their SaaS app landscape, understand the risks and set up controls to manage the apps. SaaS security posture management quickly identifies app misconfigurations and provides remediation actions to reduce the attack surface. E5 Security delivers added protection to meet the growing needs of SMBs in a package that is cost-effective. Purchasing E5 Security has 57% savings when compared to the cost of separately purchasing the individual products that are included. FAQ When will E5 Security be available for purchase? E5 Security is available for purchase as an add-on to Business Premium starting today, 3/6. How can I purchase E5 Security? You can purchase E5 Security as an add-on to Business Premium through Microsoft Security for SMBs website or through your Partner. Does Microsoft 365 Business Premium plus Microsoft 365 E5 Security allow mixed licensing for endpoint security solutions? Microsoft Defender for Business does not support mixed licensing so a tenant with Defender for Business (included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (included in Microsoft 365 Security) will default to Defender for Business. For example, if you have 80 users licensed for Microsoft 365 Business Premium and you’ve added Microsoft 365 E5 Security for 30 of those users, the experience for all users will default to Defender for Business. If you would like to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through standalone or Microsoft 365 E5 Security) and then contact Microsoft Support to request the switch for your tenant. You can learn more here. What are the differences between Microsoft Defender for Business and Microsoft Defender for Endpoint P2? MDB includes many of the same features as MDE P2, including enterprise-grade device protection for Windows, MacOS, iOS, and Android devices, vulnerability management, next-generation antivirus protection, AI-powered endpoint detection and response with automatic attack disruption, and automated investigation and remediation. MDE P2 adds endpoint security for IoT devices, threat hunting, and 6 months of data retention on the device. A detailed comparison is available here. As a Partner, how do I build Managed Detection and Response (MDR) services with MDB? For partners or customers looking to build their own security operations center (SOC) with MDR, Defender for Business supports the streaming of device events (device file, registry, network, logon events and more) to Azure Event Hub, Azure Storage, and Microsoft Sentinel to support advanced hunting and attack detection. If you are using the streaming API for the first time, you can find step-by-step instructions in the Microsoft 365 Streaming API Guide on configuring the Microsoft 365 Streaming API to stream events to your Azure Event Hubs or to your Azure Storage Account. To learn more about Microsoft Security solutions for SMBs you can visit our website. Partners can access training resources, customer decks and deployment checklists from our Business Premium Partner Playbook and find additional resources for Microsoft Security for Partners.
Security verification for 365 business account
I've tried everything to get a business account, different browsers, clearing cache, incognito mode, using different phone numbers etc - but it keeps failing at the last step (security verification) when entering my phone. number. It says "Something is wrong with that phone number. Try a different one." No matter what I do, it doesn't go past that. I've tried contacting Microsoft support for 2 weeks - I never get to an agent and then it disconnects me. This is my last attempt. I am based in South Africa, recently bought my business domain and I just want to set up a business account for 1-4 people.Highlighting the importance of securing your business during National Small Business Week
It is a common misconception that cyberattacks only threaten large corporations. In reality, 1 in 3 small and medium sized businesses (SMBs) have experienced a cyberattack (1), ranging from phishing schemes to ransomware attacks. The average cost of a cyberattack is over $250K up to $7M (2), which can be a significant financial loss for a small business. This National Small Business Week, we want to highlight product innovations, customer stories, and resources. To help you understand the importance of cybersecurity and discover ways to protect your small and medium business. Microsoft 365 Business Premium helps you run your business, securely. Many small businesses do not have a dedicated IT team to manage their security needs. As a result, they need a simple and affordable solution. Microsoft 365 Business Premium combines essential security and productivity capabilities in a solution that is easy to use and cost-effective. It provides layered protection across user identities, devices, email and collaboration apps, and data security. To meet the growing needs of small businesses, we announced AI-powered phishing protection in Defender for Office 365. This helps detect and filter business email compromise (BEC) with 99.5% accuracy. We integrate with some of the top managed detection and response (MDR) providers such as Huntress, Blackpoint Cyber, Chorus Cyber, and ConnectWise MDR. For partners, we introduced the SMB-Verified Solution Status within the Microsoft Intelligent Security Association (MISA). The status highlights purpose-built technology solutions for SMBs and MSPs. As your security needs grow, Microsoft 365 E5 Security is available as an add-on: As cyberthreats continue to grow, and as cyber insurance and regulatory requirements evolve, many small businesses are now looking for enterprise-level security. To support the growing security needs, Microsoft now offers Microsoft 365 E5 Security as an add-on for Business Premium. E5 Security brings enterprise-grade protection on top of Business Premium. It gives organizations access to Microsoft’s most sophisticated security technologies. The Microsoft 365 E5 Security suite is cost-effective, saving organizations up to 57% compared to buying each product individually. Microsoft 365 E5 Security adds additional enterprise-grade XDR capabilities to what is already available in Business Premium. Such as: Identity, access, and protection controls: Business Premium includes Microsoft Entra ID P1, providing single sign-on, multi-factor authentication (MFA), and device and IP location based conditional access helping SMBs manage user identities and enable access from anywhere. Entra ID P2, as part of Microsoft 365 E5 Security, has Entra ID Protection offering risk-based conditional access that helps block identity attacks in real time using behavioral analytics and signals from both user risk and sign-in risk. Entra ID P2 also includes ID Governance capabilities to help automate workflows and processes that give users access to resources. With Privileged Identity Management (PIM) companies can provide users with only the minimum privileges needed to accomplish the tasks they're authorized to perform. Microsoft 365 E5 Security has Microsoft Defender for Identity which identifies, detects, and investigates threats for on-premises identities. Email and Collaboration security: Business Premium includes Microsoft Defender for Office 365 P1, which provides anti-phishing and anti-malware defenses, including Safe Links and Safe Attachments for real-time scanning of URLs and files sent via email, Microsoft Teams, OneDrive, and SharePoint. Microsoft 365 E5 Security includes Microsoft Defender for Office 365 P2, which enhances the protections in P1. Providing automated investigation and response capabilities, as well as cyber-attack simulation training for both email and Microsoft Teams. Defender for Office 365 now offers end-to-end protection in Microsoft Teams. Organizations can report suspicious Teams messages, leverage advanced threat hunting capabilities within Teams, and gain more control over external organizational communications. Device Security Business Premium includes Microsoft Defender for Business (MDB) which brings AI-powered endpoint detection and response with automatic attack disruption, automated investigation and remediation, across Windows, MacOS, iOS, and Android devices. E5 Security includes Microsoft Defender for Endpoint P2 adds advanced hunting, access to threat experts, and 6 months of data retention on the device. E5 Security also includes Microsoft Defender for IoT, which helps protect connected devices such as network printers and cameras. Software-as-a- service (SaaS) security: Microsoft 365 E5 Security introduces Defender for Cloud Apps, which helps prevent breaches caused by SaaS app misconfigurations—a common attack vector. Defender for Cloud Apps enables automated and continuous monitoring of SaaS apps to reduce security vulnerabilities and increase compliance by detecting misconfigurations and providing remediation steps for risky configurations. Lean more about Microsoft 365 E5 Security. See Customers in Action: “It’s valuable that Microsoft 365 Business Premium provides all the native controls for us to implement security benchmarks in audits and dramatically reduce the attack surface area”- JJ Milner, Cloud Architect and Managing Director, Global Micro Solutions Acumen Group partnered with Global Micro Solutions, a Microsoft partner, to help implement Business Premium due to increasingly complex mobile device management and security requirements as they scaled. “As part of our Microsoft E5 license which provides security features such as data loss prevention (DLP) and information labeling, we get just about every app under the sun and the more we delve into it, the more we can use it”- Danielle Brautigan, General and Finance Manager, McGees Property McGees Property switched to Microsoft 365, moving from on-premises servers and services to the cloud after being hit by a ransomware attack. The attack locked McGee’s employees out of their files for more than four weeks, forcing them to work from personal email accounts. Resources: At Microsoft, we have created multiple resources to help highlight the importance of cybersecurity and how to get started with Microsoft 365 Business Premium. Are you a customer? Visit our website to learn more about Microsoft Security solutions for SMBs. Are you a partner? Check out our partner playbooks to get started on your SMB managed services journey,– Microsoft 365 Business Premium Partner Playbook and Microsoft 365 E5 Security deck. References: [1, 2] 7 cybersecurity trends and tips for small and medium businesses to stay protected, Scott Woodgate. October 31, 2024Unlocking the Power of AI: Transforming Business with Microsoft 365 Copilot and Clipchamp
AI is becoming a part of everyday life and it's changing the way we do business. For business owners, the benefits are clear. It saves time, reduces the need for extra resources, and directly improves the bottom line. As part of Microsoft 365 Copilot*, we recently introduced the Create module, a new feature designed to make producing visual materials fast and simple. You don’t need to be an AI expert or add complex and expensive design software to your tech stack to get the most out of it. Effortless content creation with Microsoft 365 Copilot The Create module helps users produce high-quality visual content quickly and easily—often better than they could on their own. Because it's built into Copilot and fully integrated with the Microsoft environment, there’s no need for separate design tools or additional creative software. That reduces complexity for users and eases the burden on IT teams who would otherwise have to support and manage extra solutions. At the same time, Create puts professional-grade design within reach for everyone. It opens up the creative process to employees at any skill level, making it easier to produce on-brand, polished visuals. This is especially valuable for small and mid-sized businesses where time and design resources are often limited. AI-Powered Content Creation: The Create module leverages AI to generate high-quality content. From documents and presentations to marketing materials like flyers and infographics, a few simple steps can generate stunning content. Customizable Templates: Access a variety of templates tailored to different business needs, so projects don’t have to start from scratch. These templates help maintain brand consistency and ensure professional quality output. Brand Kits: Even non-designers can set up brand kits to keep all content consistent and on-brand, making it easier to produce polished and cohesive materials that look professional and stand out. Businesses are now empowered to create professional and engaging content effortlessly, without the need to outsource to a marketing agency or hire creative professionals in-house. In the near future, you can look forward to even more features coming to the Create module, including compatibility with new content types like podcasts and surveys, so Copilot can even create those for you. Revolutionizing video editing with Microsoft Clipchamp Transform your video editing process from a daunting task into a seamless, enjoyable experience. With its latest updates, Microsoft Clipchamp enables even those with no prior editing experience to effortlessly create professional-quality videos. AI Editing Tools: Automatically detect and trim silent parts of audio or video files. This is particularly useful for editing podcasts, meetings, and interviews. Custom Templates: Quickly create new projects without starting from scratch using a collection of over 100 video templates, including YouTube intro videos, explainer videos, and sales video templates. This is especially useful for repetitive tasks like training videos, product demos, or marketing content. Templates also help ensure videos adhere to the same branding and style. Transcript-Based Editing: Allows users to edit videos by making changes to the transcript. Users can edit videos as if they were editing a text document—it's that intuitive and straightforward. For those who may not be familiar with video editing, which often requires experience, the old complex video editing tools of the past are no longer necessary. Clipchamp democratizes video editing so anyone can make changes with ease. See how Evergrowth uses Clipchamp to produce marketing communications Since 2015, Evergrowth, a sales software provider, has been helping customers optimize their sales, marketing, and enablement processes. Discover how they are using Clipchamp to produce impactful demo videos and elevate their social media marketing in this case study. “I have zero video editing experience, but with Clipchamp I put together a great-looking demo video very quickly. That product demo brought 300 people to a customer event we were organizing at the time. When that happened, I knew we were onto something.” - JB Daguené, CEO, Evergrowth Check out the Microsoft 365 Create module and Clipchamp In today's fast-paced business environment, leveraging AI tools like Microsoft 365 Copilot with its new Create module and Clipchamp can significantly enhance productivity and creativity. These innovations not only save time and resources but also democratize the creation process, making high-quality content accessible to everyone in your organization. Ready to transform your business with AI? Explore Microsoft 365 Copilot and Clipchamp today and see how these powerful tools can elevate your brand and streamline your operations. *Copilot is available as an additional subscription plan and requires a base Microsoft 365 plan, such as Microsoft 365 E3, E5, Business Standard, or Business Premium.
